|
| 1 | +# Microsoft Authentication Library (MSAL) for Python |
| 2 | + |
| 3 | +The MSAL library for Python gives your app the ability to begin using the [Microsoft Cloud](https://cloud.microsoft.com) |
| 4 | +by supporting [Microsoft Azure Active Directory](https://azure.microsoft.com/en-us/services/active-directory/) |
| 5 | +and [Microsoft Accounts](https://account.microsoft.com) in a converged experience using industry standard OAuth2 and OpenID Connect. |
| 6 | +Soon MSAL Python will also support [Azure AD B2C](https://azure.microsoft.com/services/active-directory-b2c/). |
| 7 | + |
| 8 | +More and more detail about MSAL Python functionality and usage will be documented in the |
| 9 | +[Wiki](https://github.com/AzureAD/microsoft-authentication-library-for-python/wiki). |
| 10 | + |
| 11 | +## Installation |
| 12 | + |
| 13 | +1. If you haven't already, [install and/or upgrade the pip](https://pip.pypa.io/en/stable/installing/) |
| 14 | + of your Python environment to a recent version. We tested with pip 18.1. |
| 15 | +2. For now, you can install from our latest dev branch, by `pip install https://github.com/AzureAD/microsoft-authentication-library-for-python.git@dev` |
| 16 | + |
| 17 | +## Usage |
| 18 | + |
| 19 | +Before using MSAL Python (or any MSAL SDKs, for that matter), you will have to |
| 20 | +[register your application with the AAD 2.0 endpoint](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-register-an-app). |
| 21 | + |
| 22 | +Acquiring tokens with MSAL Python is somewhat different than ADAL Python. You will need to follow this 3-step pattern. |
| 23 | + |
| 24 | +1. Contrary to ADAL (which proposes the notion of `AuthenticationContext`, which is a connection to Azure AD), |
| 25 | + MSAL proposes a clean separation between |
| 26 | + [public client applications, and confidential client applications](https://tools.ietf.org/html/rfc6749#section-2.1). |
| 27 | + So you will first create either a `PublicClientApplication` or a `ConfidentialClientApplication` instance, |
| 28 | + and ideally reuse it during the lifecycle of your app. For example: |
| 29 | + |
| 30 | + ```python |
| 31 | + from msal import PublicClientApplication |
| 32 | + app = PublicClientApplication("your_client_id", authority="...") |
| 33 | + ``` |
| 34 | + |
| 35 | + Later, each time you would want an access token, you start by: |
| 36 | + ```python |
| 37 | + result = None |
| 38 | + ``` |
| 39 | + |
| 40 | +2. The API model in MSAL provides you explicit control on how to utilize token cache. |
| 41 | + This cache part is technically optional, but we highly recommend you to harness the power of MSAL cache. |
| 42 | + |
| 43 | + ```python |
| 44 | + # We now check the cache to see if we have some end users already signed in before. |
| 45 | + accounts = app.get_accounts() |
| 46 | + if accounts: |
| 47 | + # If so, you could then somehow display these accounts and let end user choose |
| 48 | + print("Pick the account you want to use to proceed:") |
| 49 | + for a in accounts: |
| 50 | + print(a["username"]) |
| 51 | + # Assuming the end user chose this one |
| 52 | + chosen = accounts[0] |
| 53 | + # Now let's try to find a token in cache for this account |
| 54 | + result = app.acquire_token_silent(config["scope"], account=chosen) |
| 55 | + ``` |
| 56 | + |
| 57 | +3. Either there is no suitable token in the cache, or you chose to skip the previous step, |
| 58 | + now it is time to actually send a request to AAD to obtain a token. |
| 59 | + There are different methods based on your client type. Here we demonstrate the username password flow. |
| 60 | + |
| 61 | + ```python |
| 62 | + if not result: |
| 63 | + # So no suitable token exists in cache. Let's get a new one from AAD. |
| 64 | + result = app.acquire_token_by_username_password( |
| 65 | + "[email protected]", "fakepassword", scopes=[ "user.read"]) |
| 66 | + if "access_token" in result: |
| 67 | + print(result["access_token"]) # Yay! |
| 68 | + else: |
| 69 | + print(result.get("error")) |
| 70 | + print(result.get("error_description")) |
| 71 | + print(result.get("correlation_id")) # You may need this when reporting a bug |
| 72 | + ``` |
| 73 | + |
| 74 | +That is it. There will be some variations for different flows. |
| 75 | +You can try [runnable samples in this repo](https://github.com/AzureAD/microsoft-authentication-library-for-python/tree/dev/sample). |
| 76 | + |
| 77 | + |
| 78 | +## Samples and Documentation |
| 79 | +We provide a full suite of [sample applications on GitHub](https://github.com/azure-samples?utf8=%E2%9C%93&q=active-directory&type=&language=) to help you get started with learning the Azure Identity system. This includes tutorials for native clients and web applications. We also provide full walkthroughs for authentication flows such as OAuth2, OpenID Connect and for calling APIs such as the Graph API. |
| 80 | + |
| 81 | +You can find the relevant samples by scenarios listed in this [wiki page for acquiring tokens using ADAL Python](https://github.com/AzureAD/azure-activedirectory-library-for-python/wiki/Acquire-tokens#adal-python-apis-for-corresponding-flows). |
| 82 | + |
| 83 | +The generic documents on |
| 84 | +[Auth Scenarios](https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-scenarios) |
| 85 | +and |
| 86 | +[Auth protocols](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols) |
| 87 | +are recommended reading. |
| 88 | + |
| 89 | +The API reference of MSAL Python is coming soon. |
| 90 | + |
| 91 | +## Versions |
| 92 | + |
| 93 | +This library follows [Semantic Versioning](http://semver.org/). |
| 94 | + |
| 95 | +You can find the changes for each version under |
| 96 | +[Releases](https://github.com/AzureAD/microsoft-authentication-library-for-python/releases). |
| 97 | + |
| 98 | +## Community Help and Support |
| 99 | + |
| 100 | +We leverage Stack Overflow to work with the community on supporting Azure Active Directory and its SDKs, including this one! |
| 101 | +We highly recommend you ask your questions on Stack Overflow (we're all on there!) |
| 102 | +Also browser existing issues to see if someone has had your question before. |
| 103 | + |
| 104 | +We recommend you use the "msal" tag so we can see it! |
| 105 | +Here is the latest Q&A on Stack Overflow for MSAL: |
| 106 | +[http://stackoverflow.com/questions/tagged/msal](http://stackoverflow.com/questions/tagged/msal) |
| 107 | + |
| 108 | +## Security Reporting |
| 109 | + |
| 110 | +If you find a security issue with our libraries or services please report it to [[email protected]](mailto:[email protected]) with as much detail as possible. Your submission may be eligible for a bounty through the [Microsoft Bounty ](http://aka.ms/bugbounty) program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting [this page ](https://technet.microsoft.com/en-us/security/dd252948) and subscribing to Security Advisory Alerts. |
| 111 | + |
| 112 | +## Contributing |
| 113 | + |
| 114 | +All code is licensed under the MIT license and we triage actively on GitHub. We enthusiastically welcome contributions and feedback. Please read the [contributing guide](./contributing.md) before starting. |
| 115 | + |
| 116 | +## We Value and Adhere to the Microsoft Open Source Code of Conduct |
| 117 | + |
| 118 | +This project has adopted the [Microsoft Open Source Code of Conduct ](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [[email protected]](mailto:[email protected]) with any additional questions or comments. |
0 commit comments